Remove exceptions in I3042 and allow lambda auth uri

aws-cloudformation · Sep 26, 2024 · 5dda2ae · 5dda2ae
1 parent eaa0705
commit 5dda2ae
Show file tree

Hide file tree

Showing 3 changed files with 1 addition and 25 deletions.
diff --git a/src/cfnlint/rules/resources/HardCodedArnProperties.py b/src/cfnlint/rules/resources/HardCodedArnProperties.py
@@ -47,11 +47,6 @@ def __init__(self):
                 "type": "boolean",
             },
         }
-        self.exceptions = {
-            "AWS::ApiGateway::Authorizer": [
-                ["Properties", "AuthorizerUri"],
-            ]
-        }
 
         self.configure()
 
@@ -102,17 +97,6 @@ def match(self, cfn: Template) -> RuleMatches:
             path = ["Resources"] + parameter_string_path[:-1]
             candidate = parameter_string_path[-1]
 
-            resource_name = path[1]
-            _type = cfn.template.get("Resources", {}).get(resource_name, {}).get("Type")
-            is_exception = False
-            if _type in self.exceptions:
-                for exception in self.exceptions[_type]:
-                    if all(x[0] == x[1] for x in zip(path[2:], exception)):
-                        is_exception = True
-
-            if is_exception:
-                continue
-
             # ruff: noqa: E501
             # !Sub arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
             # is valid even with aws as the account #.  This handles empty string

diff --git a/test/fixtures/templates/bad/hard_coded_arn_properties.yaml b/test/fixtures/templates/bad/hard_coded_arn_properties.yaml
@@ -77,11 +77,3 @@ Resources:
               - !Sub arn:${AWS::Partition}:sns:${AWS::Partition}:${AWS::AccountId}:TestTopic
       Roles:
         - !Ref SampleRole
-
-  Authorizer:
-    Type: AWS::ApiGateway::Authorizer
-    Properties:
-      AuthorizerUri: !Sub arn:${AWS::Partition}:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/arn:${AWS::Partition}:lambda:${AWS::Region}:${AWS::AccountId}:function:Name/invocations
-      RestApiId: RestApiId
-      Type: REQUEST
-      Name: !Sub arn:${AWS::Partition}:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/arn:${AWS::Partition}:lambda:${AWS::Region}:${AWS::AccountId}:function:Name/invocations
diff --git a/test/unit/rules/resources/test_hardcodedarnproperties.py b/test/unit/rules/resources/test_hardcodedarnproperties.py
@@ -71,7 +71,7 @@ def test_file_negative_region(self):
     def test_file_negative_accountid(self):
         self.helper_file_negative(
             "test/fixtures/templates/bad/hard_coded_arn_properties.yaml",
-            2,
+            1,
             ConfigMixIn(
                 [],
                 include_experimental=True,